We take security seriously. Bank-level encryption, PCI compliance through Stripe, and enterprise-grade infrastructure. Because trust is not optional.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. The same encryption used by banks and governments.
We never store credit card data. All payments are processed through Stripe, a Level 1 PCI DSS certified provider.
Passwords are hashed with bcrypt. Session tokens are cryptographically secure. CSRF protection on every form.
Hosted on AWS with automatic backups, DDoS protection, and 99.9% uptime SLA. Your data is replicated across multiple regions.
Built with privacy by design. Customer data export, deletion, and consent management are built into the platform.
We are actively pursuing SOC 2 Type II certification to meet enterprise security requirements.
We conduct quarterly security assessments and third-party penetration testing to identify and fix vulnerabilities.
24/7 security monitoring. Any suspected breach is investigated immediately and customers are notified within 72 hours.
All customer booking data is encrypted at rest using AES-256
Data in transit uses TLS 1.3 with perfect forward secrecy
Credit card data is tokenized by Stripe — we never see the full card number
Payment processing happens directly between your customer and Stripe
Access logs are retained for 90 days for audit purposes
Database backups are encrypted and stored in geographically separate regions
Multi-factor authentication available for all dashboard users
Role-based access control — staff only see what they need to see
BookingFlow uses Stripe for all payment processing. Stripe is a certified PCI Service Provider Level 1, the highest level of certification in the payments industry.
We never store credit card data. When your customer enters payment information, it goes directly to Stripe. We only receive a secure token that represents the card.
Funds from bookings are transferred directly to your Stripe account. BookingFlow collects our service fee automatically through Stripe Connect. We never hold your venue's money.
Standard Stripe processing fees apply: 2.9% + $0.30 per transaction. BookingFlow service fees are separate and transparent to customers. Learn more about our fee structure.
| Standard | Status | Details |
|---|---|---|
| PCI DSS Level 1 | Via Stripe | Payment card data never touches our servers |
| GDPR | Compliant | Full data portability and deletion rights |
| SOC 2 Type II | In Progress | Expected certification Q3 2026 |
| ISO 27001 | Planned | Information security management system |
Your booking widget needs to work 24/7. We guarantee 99.9% uptime or you get service credits.
Hosted on AWS with automatic failover, load balancing, and multi-region redundancy.
Our security team monitors the platform around the clock. Suspicious activity triggers immediate alerts.
Real-time intrusion detection, DDoS mitigation, and automated threat response.
Our team is here to answer your questions. Enterprise customers can request a full security audit.
Contact Our Security Team